SecurityWeek reports that Siemens has confirmed ongoing efforts with Microsoft to remediate a Microsoft Defender Antivirus issue impacting Simatic PCS 7 and PCS Neo process control systems.
Because Microsoft Defender Antivirus does not offer an "Alert only" function, configuring it to "ignore" prevents any action or alert generation, while using another setting could prompt the deletion or quarantining of potentially malicious files, whether true or false positives, which could in turn disrupt systems, according to Siemens. "The result could be that affected devices will not work anymore, which can lead to loss of monitoring and control of the plant," said Siemens. Organizations using Siemens Simatic PCS have been urged to perform risk assessments to identify their need for alerts regarding malware compromise or potential service disruptions stemming from file removal, and to implement different configurations for separate clusters of affected devices while waiting for the fix.